Fergie's Tech Blog

Saturday, November 24, 2007

U.S. Toll in Iraq

As of Saturday, Nov. 24, 2007, at least 3,875 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,157 died as a result of hostile action, according to the military's numbers.

The AP count is three higher than the Defense Department's tally, last updated Friday at 10 a.m. EST.

Friday, November 23, 2007

U.S. Toll in Iraq, Afghanistan

As of Friday, Nov. 23, 2007, at least 3,875 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,157 died as a result of hostile action, according to the military's numbers.

The AP count is three higher than the Defense Department's tally, last updated Friday at 10 a.m. EST.

As of Friday, Nov. 23, 2007, at least 401 members of the U.S. military had died in Afghanistan, Pakistan and Uzbekistan as a result of the U.S. invasion of Afghanistan in late 2001, according to the Defense Department. The department last updated its figures Nov. 17, 2007, at 10 a.m. EST.

Firefighters Taking New Role as Anti-Terrorist Eyes of The U.S. Government

Firefighters in major cities are being trained to take on a new role as lookouts for terrorism, raising concerns of eroding their standing as trusted American icons and infringing on people's privacy.

Unlike police, firefighters and emergency medical personnel need no warrants to enter hundreds of thousands of homes and buildings each year, which puts them in position to spot behavior that could indicate terror activity or planning.

There are fears, however, that they could lose the faith of a skeptical public by becoming the eyes of the government, looking for suspicious items like building blueprints or bomb-making manuals or materials.

Cellphone Tracking Powers on Request

Federal officials are routinely asking courts to order cellphone companies to furnish real-time tracking data so they can pinpoint the whereabouts of drug traffickers, fugitives and other criminal suspects, according to judges and industry lawyers.

In some cases, judges have granted the requests without requiring the government to demonstrate that there is probable cause to believe that a crime is taking place or that the inquiry will yield evidence of a crime. Privacy advocates fear such a practice may expose average Americans to a new level of government scrutiny of their daily lives.

Researcher Releases Proof-of-Concept VoIP Hack

An expert has released a proof-of-concept program to show how easy it would be for criminals to eavesdrop on the VoIP-based phone calls of any company using the technology.

Called SIPtap, the software is able to monitor multiple Voice-over-IP (VoIP) call streams, listening in and recording them for remote inspection as .wav files. All that the criminal would need would be to infect a single PC inside the network with a Trojan incorporating these functions, although the hack would work at ISP level as well.

France Sets Sanctions Against Internet Piracy

Internet users in France who frequently download music or films illegally risk losing Web access under a new anti-piracy system unveiled on Friday.

The three-way pact between Internet service providers, the government and owners of film and music rights is a boon to the music industry, which has been calling for such measures to stop illicit downloads eating into its sales.

Under the agreement -- drawn up by a commission headed by the chief executive of FNAC, one of France's biggest music and film retailers -- service providers will issue warning messages to customers downloading files illegally.

If users ignore those messages, their accounts could be suspended or closed altogether.

MPAA University 'Toolkit' Raises Privacy Concerns

The Motion Picture Association of America is urging some of the nation's largest universities to deploy custom software designed to pinpoint students who may be using the schools' networks to illegally download pirated movies.

A closer look at the MPAA's software, however, raises some serious privacy and security concerns for both the entertainment industry and the schools that choose to deploy the technology.

Thursday, November 22, 2007

U.S. Toll In Iraq

As of Thursday, Nov. 22, 2007, at least 3,874 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,157 died as a result of hostile action, according to the military's numbers.

The AP count is two higher than the Defense Department's tally, last updated Tuesday at 10 a.m. EST.

LaoAirlines Website Serves Up Malware

Sophos has warned Australian travellers looking to book flights to South East Asia to make certain their anti-virus software is up to date before going online, after yesterday intercepting malware on LaoAirlines.com.

According to Sophos, the malware is embedded at the bottom of the Laoairlines.com web page in invisible JavaScript code.

Users who simply visit the site will automatically be redirected to another site in China, which then attempts to run an exploit and download an executable.

Canada: SaskTel Hit By Malware

A malicious code known as malware infected one SaskTel computer, leading the company to issue a release to all of its customers Wednesday, informing them of the issue and asking them to ensure their e-mail security filters are up to date.

Darcee MacFarlane, SaskTel's director of corporate affairs, said the incident occurred about a week ago after an employee inadvertently downloaded a file containing the malware onto a computer that contained distribution lists for the company.

UK Government CIO Warns Against More Giant Databases

The man charged with bringing coherence to government IT strategy issued his warning about the risks of large databases to a meeting of MPs called to discuss “The Surveillance Society”.

He made his comments just hours before Chancellor Alistair Darling revealed to MPs the loss of 25 million personal records on two discs being transferred between the HM Revenue and Customs and the National Audit Office.

UK: HMRC Had 2,111 Data Disasters in Past Year Alone

The bungling Government department responsible for losing 25 million people's personal details in the post was hit by more than 2,100 reported breaches of security in the past year alone.

And 41 laptops – many containing sensitive financial details relating to members of the public – were stolen from employees at HM Revenue and Customs (HMRC) over the last 12 months, demolishing any notion that the loss of two computer discs containing the details of child benefit claimants was a "one-off" error.

HMRC's record of data losses came to light as it emerged that the National Audit Office (NAO), to which the HMRC was sending the discs, specifically asked for many sensitive details to be filtered out and not sent to it.

But HMRC officials refused to separate the details the NAO wanted to audit from those it did not need – like parents' names and bank details – because it would be "too burdensome" and costly to separate them.

Wednesday, November 21, 2007

Siberian Hacker Shut Down

In January, the Russian software developer Smart-Soft discovered a breach of the copy protection on its internet traffic solution Traffic Inspector. The company contacted investigators from the cyber-crime unit of the Internal Affairs Ministry. Investigators traced the breach back to Yuri Navilnikov, a 24-year old resident of Tobolsk, Siberia who went by the aliases “Faza” and “Faza9.”

Tobolsk police located and confiscated the computer used to attack Smart-Soft. Further analysis showed that in addition to Smart-Soft, Navilnikov had cracked programs from other developers including Microsoft, Adobe Systems, Autodesk, ABBYY, and Ahead Software.

The hacker was charged with unsanctioned access to information and the creation, use and modification of harmful computer programs under Articles 272 and 273 of the Russian Civil Code. Faced with the evidence against him, Navilnikov admitted to his crime.

In August, Navilnikov was found guilty in criminal court and hit with a hefty government fine.

U.S. Toll in Iraq

As of Wednesday, Nov. 21, 2007, at least 3,874 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,157 died as a result of hostile action, according to the military's numbers.

The AP count is two higher than the Defense Department's tally, last updated Tuesday at 10 a.m. EST.

China has refused permission for a US aircraft carrier and accompanying vessels to visit Hong Kong for a long-planned Thanksgiving holiday visit, the US State Department said.

The Kitty Hawk group and its crew of 8,000 US airmen and sailors had been expected in Hong Kong on Wednesday, but will now spend the holiday on the South China Sea.

Hundreds of relatives of crew members of the USS Kitty Hawk had flown to Hong Kong to celebrate Thanksgiving with their loved ones. Hong Kong has been a regular port of call for US sailors on R & R (rest and recuperation) since the Vietnam War.

Constituents' E-Mail on XM Deal Not Well Received

A check by The Washington Post of 60 people whose names were attached to identical, anti-merger e-mails instigated by the National Association of Broadcasters, a major opponent of the merger, produced mostly unanswered phone calls and recordings saying the phones were disconnected. Of the 10 people reached, nine said they never sent anything to the FCC, and only one said she remembered filling out something about Sirius but did not recall taking a position on a merger.

The responses raise questions debated a lot in Congress and at federal agencies lately: Are the hundreds of millions of narrow-interest e-mails that deluge official Washington each year a useful measure of public sentiment? Are they even being sent by real people?

The torrent, made possible by Web lobbying techniques, is subverting the process it was meant to influence, some experts said.

The nation's top intelligence official told a Denver court Monday that the nation's safety would be imperiled if Qwest employees are allowed to get classified documents about the telecom's secret contracts with the National Security Agency. The employees, who include former CEO Joseph Nacchio, want the documents about NSA contracts to fight a civil suit filed against them by federal financial regulators, accusing them of defrauding shareholders in 2001.

In a 12-page affidavit, Director of National Intelligence Michael McConnell told a federal district court that turning over to the defense any information about classified and unclassified contracts, including dates of meetings between the telecom giant and the intelligence community, "reasonably would cause damage to the national security." Nacchio - along with Robert Woodruff, Afshin Mohebbi, James Kozlowski and Frank Noyes - is being sued for millions in damages in civil court by the Securities and Exchange Commission.

Survey: 85% of Public Lack Confidence in Local Government's Computer Security

Eighty-five percent of users of online government services believe that their local authority's IT systems have probably already suffered a security breach at the hands of cybercriminals, according to a survey released today by Sophos. The survey, which polled 241 members of the public, also revealed that in such circumstances, 86 percent of users would hold the local authority itself responsible, rather than the hackers.

While 62 percent of the public believe that the private and public sectors are as bad [as] each other when it comes to defending this personal data, almost a third of users believe the public sector does a worse job, compared to just 7 percent who stated that the private sector is at greater fault.

The researchers, Benny Pinkas from the University of Haifa and two Hebrew University graduate students, Zvi Gutterman and Leo Dorrendorf, reverse-engineered the algorithm used by Windows 2000's pseudo-random number generator (PRNG), then used that knowledge to pick apart the operating system's encryption. Attackers could exploit a weakness in the PRNG, said Pinkas and his colleagues, to predict encryption keys that would be created in the future as well as reveal the keys that had been generated in the past.

Militants Seen Educated in Cyber Training Camps

The Internet has become a key teaching tool for Islamist militants who are using it to educate recruits in cyber training camps, crime and security experts said on Wednesday.

Gabriel Weimann, an Internet security expert who teaches at the University of Haifa in Israel and the University of Mainz in Germany, said militants used to do all their training at secret camps in countries like Afghanistan.

"Now they meet in cyberspace," Weimann told a conference on Internet security at the headquarters of Germany's Federal Police Office (BKA).

He said that Web sites and chat rooms used by militant Islamist groups like al Qaeda are not only used for the dissemination of propaganda but also for education.

Tuesday, November 20, 2007

U.S. Toll in Iraq

As of Tuesday, Nov. 20, 2007, at least 3,873 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,157 died as a result of hostile action, according to the military's numbers.

The AP count is one higher than the Defense Department's tally, last updated Tuesday at 10 a.m. EST.

Quote of the Day [2]: Adam Shostack

"Data breaches are not meaningful because of identity theft. They are about honesty about a commitment that an organization has made while collecting data, and a failure to meet that commitment. They're about people's privacy, as the Astroglide and Victoria's Secret cases make clear."

An Unfortunate Situation: Smithsonian's AU$2.8B Cry for Help

The world's largest museum, created with a bequest of golden sovereigns from a British scientist, is asking for an injection of $US2.5 billion ($2.8 billion) of private capital to stop it falling down.

The Smithsonian Institution's board of regents authorised this week the first big fundraising campaign in its 161-year history to meet a backlog of repairs on crumbling buildings.

The Washington complex houses 142 million items, including some of America's greatest treasures, in art galleries, research centres and world famous museums like those for Natural History or Air & Space.

In the past year the venerable organisation has been shaken by allegations of financial scandal, political controversy over its programs and warnings that some artefacts are being put at risk by inadequate or dilapidated facilities.

Quote of the Day: Spencer Ackerman

"Just in time for the holidays, there's a special place in Hell just waiting to be filled by some as-yet-unknown Pentagon bureaucrat. Apparently, thousands of wounded soldiers who served in Iraq are being asked to return part of their enlistment bonuses -- because their injuries prevented them from completing their tours."

McDowell addressed his position in a speech at a Media Institute luncheon in Washington, D.C.

He said Martin's assertion that the cable industry is facing less competition and should be subject to more regulation "is a radical departure for the Commission -- a departure being made without sufficient public comment."

Numbers: E-commerce Fraud will Cost Merchants $3.6 Billion This Year

As online retailers gear up for Black Friday and Cyber Monday--when they hope consumers will come in droves to spend money on their websites--they must also deal with another reality of electronic commerce: the increasing expense of preventing credit card fraud. E-commerce fraud will cost U.S. merchants $3.6 billion this year, a 20 percent increase over 2006, according to the ninth annual CyberSource Fraud Survey.

According to the study, which was conducted by CyberSource and Mindwave Research, merchants are losing more money in 2007 not because fraud is happening more often, but because keeping fraud at bay is becoming more expensive.

Credit Card Thieves Flood Wikimedia With Pennies

The Wikimedia Foundation, the parent organization of the free online encyclopedia Wikipedia and other open-source projects, recently increased the minimum amount it will accept in donations after scammers apparently began testing the validity of stolen credit cards by sending a series of 1-cent "donations" to the group.

On Nov. 8, Wikimedia saw hundreds of penny donations come in over a very short period of time. In many cases, Wikimedia donors leave messages of support or praise for the organization along with their gift, but all of the fake donations were anonymous and contained no greeting, suggesting their submission may have somehow been automated.

Report Cites China's Cyber-Warfare Plans

If the United States and China were to find themselves in an armed conflict, China is likely to launch cyber attacks on American regional bases in Japan and South Korea, and might even include cyber attacks on the U.S. homeland that target financial, economic, energy and communications infrastructures.

According to Gen. James Cartwright, commander of the U.S. Strategic Command, China is already actively engaging in cyber-reconnaissance through the probing of computer networks of U.S. government agencies and private companies.

Cartwright said the data collected from these reconnaissance probes can be used for many purposes, including identifying network weak points, understanding how U.S. leaders think, discovering the communication patterns of government agencies and private companies, and gaining valuable information stored throughout the networks.

UK: HMRC and Government Condemned Over Loss of 25M Records

Industry figures unite in condemnation of the Government's handling of the loss of 25 million child benefit records - thought to be the name and address of every child in Britain, as well as the bank account details of carers and parents.

In a statement to the House of Commons, the Chancellor Alistair Darling explained that the data had been held on two disks that had been sent to the National Audit Office (NAO) from an HMRC office. The chairman of HMRC had already offered his resignation after the breach was made public.

Hackers Jack Monster.com, Infect Job Hunters

Monster.com took a portion of its Web site offline Monday as researchers reported that it had been compromised by an IFrame attack and was being used to infect visitors with a multi-exploit attack kit.

According to Internet records, the Russian Business Network (RBN) hacker network may be involved.

Parts of the Monster Company Boulevard, which lets job hunters search for positions by company, were unavailable Monday; by evening, the entire section was dark. Most major American companies are represented on the site -- Google Inc.'s cache of the page that shows only those firms that begin with the letter B, for example, included Banana Republic, Bank of America, Black & Decker, Boeing, Broadcom and Budget Car Rental.

Best Exposé of the Day: The Guardian on Fox News Fake Impartiality

Britons may be familiar with Rupert Murdoch, but I don't think the UK has a beast quite like the American Fox News Channel. Celebrating its 11th year on the air, Fox is a breathtaking institution.

It is a lock, stock and barrel servant of the Republican party, devoted first and foremost to electing Republicans and defeating Democrats; it's even run by a man, Roger Ailes, who helped elect Richard Nixon, Ronald Reagan and George Bush senior to the presidency.

And yet, because it minimally adheres to certain superficial conventions, it can masquerade as a "news" outfit and enjoy all the rights that accrue to that.

Monday, November 19, 2007

In Passing: Central CA Gas Station Owner Dies In Hunger Strike

Mehdi Shahbazi, a gasoline station operator who waged a hunger strike and public-relations battle against Shell Oil Co., died this week at Stanford University Hospital of liver failure. He was 65.

Shahbazi leased a Shell station in central California from 1982 until September. In 2005, he posted signs at the Marina station highlighting "big oil's unearned profit"—a protest that Shell said violated the terms of his lease. Shell sued, then Shahbazi accused the company of breach of contract and of violating the Petroleum Marketing Practices Act.

In July, he went on a liquids-only diet to underscore what he called onerous franchise fees and other problems faced by individual gas station operators.

He refused to sell gas, instead inviting customers to spend money at the store's mini-mart and car wash. He spent long hours writing legal motions for his federal case against Shell and e-mailing journalists about how station operators were suffering. He passed out business cards with the slogan "Pumping Mad" above his phone number.

Terrorists Better At Targeting Online Audience

"One of the most alarming trends we found on the Internet recently is what we call 'narrowcasting'," said Gabriel Weimann, professor of communications at the University of Haifa in Israel which monitors 5,800 militant Web sites.

Weimann said the terrorists' goal is not to reach the largest Internet audience but to slice the audience into segments and target each with specific tactics. "Terrorists are using the Internet to focus on children, very young children, to attract young people to the ideology and later to the way of terrorism."

"When they target children, they do everything any commercial advertiser would do. They use comic books, storytelling, graphics, movies, competitions, prize-winning and so on," Weimann added.

The VA's Computer Systems Meltdown: What Happened and Why

At times, the bad news coming from the U.S. Department of Veterans Affairs seems unstoppable: D-grade medical facilities, ongoing security and privacy breaches, and a revolving door of departing leadership. In September, during a hearing by the House Committee on Veterans' Affairs, lawmakers learned about an unscheduled system failure that took down key applications in 17 VA medical facilities for a day.

Characterized by Dr. Ben Davoren, the director of clinical informatics for the San Francisco VA Medical Center, as "the most significant technological threat to patient safety the VA has ever had," the outage has moved some observers to call into question the VA's direction in consolidating its IT operations. Yet the shutdown grew from a simple change management procedure that wasn't properly followed.

The small, undocumented change ended up bringing down the primary patient applications at 17 VA medical centers in Northern California.

U.S. Toll in Iraq

As of Monday, Nov. 19, 2007, at least 3,873 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,153 died as a result of hostile action, according to the military's numbers.

The AP count is six higher than the Defense Department's tally, last updated Monday at 10 a.m. EST.

High Seas Drama Unfolding: Campaigners Plan to Ram Whaling Ships

Radical environmentalist group Sea Shepherd has again vowed to ram Japanese ships hunting whales in the Antarctic Ocean.

Japan's six-vessel whaling fleet took off from the western port of Shimonoseki for its five-month voyage on Sunday heading to the Antarctic Ocean for a hunt that will include humpback whales for the first time.

The Sea Shepherd Conservation Society says it will physically stop the hunt by ramming whaling vessels if necessary.

UK: Family Doctors to Shun National Database of Patient Records

Nearly two-thirds of family doctors are poised to boycott the government's scheme to put the medical records of 50 million NHS patients on a national electronic database, a Guardian poll reveals today.

With suspicion rife across the profession that sensitive personal data could be stolen by hackers and blackmailers, the poll found 59% of GPs in England are unwilling to upload any record without the patient's specific consent.

Red Hot Chili Peppers Sues Showtime Over 'Californication' Series Title

The Red Hot Chili Peppers on Monday sued Showtime Networks over the name of the television series "Californication," which is also the name of the band's 1999 album and a single on it.

The lawsuit alleges unfair competition, dilution of the value of the name and unjust enrichment, claiming the title is "inherently distinctive, famous ... and immediately associated in the mind of the consumer" with the Red Hot Chili Peppers.

Are Your DNS Servers Vulnerable to Cache Poisoning Attacks?

More than half of Internet name servers today allow requests that leave networks vulnerable to cache poisoning and distributed denial of service attacks -- a fact that has not improved over the past year.

The finding is part of the third annual survey of the Internet’s domain name servers released this week by The Measurement Factory, which conducted the survey for DNS management appliance maker Infoblox. The survey is based on a sample that included 5% of the IPv4 address space -- nearly 80 million devices -- and works to reveal configuration errors that compromise network security and availability.
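The survey's finding is about resolvers that answer recursive queries from anyone, which is what exposes them to cache poisoning and lets them be used as DDoS amplifiers. The following is an added example, not code from the survey, Infoblox or the blog: it builds a minimal DNS query with the RD flag set, parses the response header, and classifies the resolver as offering open recursion or not. The server address, the probe name `example.com` and the sample response bytes are all assumptions or constructed data.

```python
"""Check a DNS server for open recursion (added example, not the survey's tooling)."""
import socket
import struct

def build_query(name: str, txid: int = 0x1234, rd: bool = True) -> bytes:
    """Build a minimal DNS A/IN query. RD=1 asks the server to recurse on our behalf."""
    flags = 0x0100 if rd else 0x0000
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)  # QDCOUNT=1
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_header(resp: bytes) -> dict:
    """Decode the 12-byte DNS header into the fields the check needs."""
    if len(resp) < 12:
        raise ValueError("short DNS response")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", resp[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),      # response bit
        "rd": bool(flags & 0x0100),      # recursion desired (echoed)
        "ra": bool(flags & 0x0080),      # recursion available
        "rcode": flags & 0x000F,         # 0 = NOERROR, 5 = REFUSED
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }

def classify(query_txid: int, resp: bytes) -> str:
    """Classify the reply to an RD=1 query for a name the server is not authoritative for.

    open-recursion : server recursed and returned an answer to an arbitrary client
    recursion-offered : RA advertised but no answer (e.g. upstream failure)
    closed         : REFUSED or RA clear, the configuration you want on an
                     Internet-facing authoritative server
    invalid        : ID mismatch or not a response; treat as unusable
    """
    h = parse_header(resp)
    if h["id"] != query_txid or not h["qr"]:
        return "invalid"
    if h["rcode"] == 5:
        return "closed"
    if h["ra"] and h["ancount"] > 0 and h["rcode"] == 0:
        return "open-recursion"
    if h["ra"]:
        return "recursion-offered"
    return "closed"

def probe(server: str, name: str = "example.com", timeout: float = 3.0) -> str:
    """Send the query over UDP/53 to one of your own resolvers and classify the reply."""
    txid = 0x1234
    query = build_query(name, txid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        resp, _ = s.recvfrom(4096)
    return classify(txid, resp)

# Constructed sample responses (assumed wire bytes, not captured from a real server)
QUERY_ID = 0x1234
QUESTION = build_query("example.com", QUERY_ID)[12:]
# flags 0x8180: QR=1 RD=1 RA=1 NOERROR, one A record pointing at 192.0.2.1
OPEN_RESPONSE = (
    struct.pack("!HHHHHH", QUERY_ID, 0x8180, 1, 1, 0, 0)
    + QUESTION
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes([192, 0, 2, 1])
)
# flags 0x8105: QR=1 RD=1 RA=0 REFUSED, no answer section
REFUSED_RESPONSE = struct.pack("!HHHHHH", QUERY_ID, 0x8105, 1, 0, 0, 0) + QUESTION

if __name__ == "__main__":
    print(classify(QUERY_ID, OPEN_RESPONSE))     # open-recursion
    print(classify(QUERY_ID, REFUSED_RESPONSE))  # closed
```

An authoritative server exposed to the Internet should come back `closed` for names it does not serve; a resolver that returns `open-recursion` to clients outside your network is the configuration the survey is counting.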

Misspelled Children's Websites Lead to Porn

Children’s Web sites are frequent targets of typo-squatting, a growing category of online fraud which lures unsuspecting Web surfers to malicious sites when they misspell the URL. Some typo-squatters lure children to pornographic Web sites.

More than 60 of the “most squatted” sites are designed to appeal to minors, McAfee found in new research that quantifies the problem of typo-squatting. Domain names that are commonly targeted include webkinz.com, clubpenguin.com, and neopets.com, McAfee says.

Carriers Try To Avoid The Warrantless Eavesdropping Spotlight

As Congress pushes forward in its effort to bring some visibility to the Bush Administration's warrantless-wiretapping program, the nation's major telecom companies find themselves in increasing danger of having their own role in the program exposed in court.

Last week both the U.S. House and Senate pushed forward versions of the bill renewing the 1978 Foreign Intelligence Surveillance Act (FISA) that would not include so-called "retroactive immunity" for the carriers who acceded to White House demands for customer records of phone calls and Web-surfing activities -- usually without warrants or subpoenas -- in the last few years. President Bush has repeatedly stated that he will not sign a FISA renewal that does not provide the large telecoms with legal cover.

Death of the Internet Predicted Again: A Little Disingenuity

For well over a decade now, someone will come along every few months or so and claim that the internet is about to be overwhelmed by traffic and will collapse. However, these predictions never seem to come true, and when you dig deeper, you almost always find that the reports misinterpret some data. In fact, when you get down into the details, you'll almost always find that the technology guys say there's little threat of an internet collapse -- but the policy and business guys will often state otherwise.

So, take with a large grain of salt the latest research report claiming that the internet will collapse by 2010. Thankfully, Broadband Reports quickly picks apart the report to note that it was funded by the likes of AT&T and Level3, and it's being supported by a group whose job is to lobby for laws that help the telcos.

FBI Investigates Swedish Hacker

A 19-year-old man from Uppsala was found guilty on Monday of having gained unauthorized access to the computer networks of several Swedish universities and colleges. The teenager is now being investigated by the FBI, who suspect him of hacking American network giant Cisco.

The man was just 16 when he hacked his way in to what police described as "pretty much every college in Sweden". Svea Court of Appeal gave him a suspended sentence and ordered him to pay total damages of 181,467 kronor ($28,100) to several of the colleges and universities.

The Best Damned Thing You'll See All Week: 'The Warning'

David Vincent from the Art of Mental Warfare teamed up with Trent Reznor of Nine Inch Nails to present “Warning.” The project takes on the covert interests behind the war and our media saturated society.

The Aftermath of Identity Theft

It's not just hype -- identity theft is definitely on the rise, according to a study published earlier today by the Identity Theft Resource Center.

The study, entitled "Identity Theft: The Aftermath 2006," offers a detailed analysis of both online and physical theft, and its impact on victims and businesses.

The study shows that ID theft, both through the Internet and through stolen wallets and purses, increased significantly between 2004 and 2006, according to the ITRC. The cost of ID theft also has grown, and now costs businesses about $87,303 per incident, a figure that is 78 percent higher than it was in 2004.

AlcaLu Identifies Deep Packet Potential

The IP team at Alcatel-Lucent plans to develop its own deep packet inspection (DPI) capabilities that can be integrated into the vendor's edge routers, according to Basil Alwan, president of the vendor's IP business.

Alwan, who has just been handed additional responsibilities following a revamp of AlcaLu's Carrier Business Group, told Light Reading "there's good reason to invest" in DPI capabilities. "Investing in [DPI] makes a lot of sense and is part of our roadmap. We are going to do a lot with that technology," though nothing has yet been officially announced, he added.

AlcaLu currently has a number of partnerships to cover any current carrier customer requirements for DPI capabilities, including relationships with CloudShield Technologies Inc. and Sandvine Inc. With these partners, AlcaLu can meet the needs of service providers that want to identify P2P traffic on their networks and offer security-based managed services.

Websense: Phishing for Fishing

The term Phishing is partially derived from the practice of using sophisticated, deceptive bait in the hope of catching financial information from the end-users.

Well, in this case the bait is an online Boat Trading Web site. The victim actually appears to be Trader Online, which is a new and used online shopping site for expensive goods such as boats, motorcycles, and airplanes. It also looks like the Rock group has added this brand to their kit. One may wonder why anyone would want credentials for Trader Online. Perhaps it’s due to the high-end clientele that probably uses this service to sell yachts, RVs, and even planes on the site.

SCADA Watch: NIST Addresses Security for Industrial Controls Systems

The National Institute of Standards and Technology has released an initial draft of new security guidelines for government information technology systems used for industrial control processes. The guidelines are in a revised appendix [.pdf] to NIST Special Publication 800-53, “Recommended Security Controls for Federal Information Systems.”

NIST describes the draft as an out-of-cycle update. The only change between Revision 1 and Revision 2 is the complete replacement of Appendix I, so only that appendix is being released for public review.

“This special update is required due to the urgent need to provide guidance on appropriate safeguards and countermeasures for federal industrial control systems,” NIST said in announcing the release.

Parents of MySpace Hoax Victim Seek Legal Recourse

Getting ready for work this morning, I caught a Today Show interview with the parents of Megan Meier, the 13-year-old that I wrote about on Saturday, who committed suicide last year after being taunted on MySpace.

Meier believed she had been chatting on the social network with a boy named Josh. At first, "Josh" sent friendly messages, but after a few weeks, he abruptly turned accusatory and insulting.

Meier's parents found out several weeks after their daughter's death that Josh was actually not a boy, but rather the fictional creation of adults, including the mother of a friend of Megan's, with whom she had a falling-out.

In the Today Show interview, Tina and Ron Meier said that the FBI looked into the matter for some time, but was unable to find a law that had been broken. However, the two said they still hoped civil or criminal action might be possible against the adult cyberbullies.

Image of the Day: Support T.W.A.T.

PayPal to Offer Secure Method to Shop Non-PayPal Websites

PayPal, the payments service arm of online auction leader eBay Inc, is set to release on Tuesday a convenient way for its customers to make payments on Web sites that don't accept PayPal directly.

The new software utility, called the PayPal Secure Card, recognizes when a user lands on an e-commerce checkout page and automatically helps the user fill out the payment form in a secure way that also offers stepped-up fraud protections.

RBN: PC Hijacking via Banner-Ads on Major Web Portals

The Russian Business Network (RBN), in one of its boldest PC hijacking exploits, used conventional banner-ads to redirect web visitors to "fake" anti-spyware sites. This is a new attack vector, but it uses known RBN server routes and exploits. Malware-based ads have been spotted on various legitimate websites, ranging from baseball's MLB.com to NHL.com, Canada.com and The Economist.

Acting as a conventional Flash file, the exploit is delivered via DoubleClick's DART program. DoubleClick acknowledges the malware and says it has implemented a new security-monitoring system that has thus far captured and disabled a hundred ads.

U.S. Toll in Iraq

As of Sunday, Nov. 18, 2007, at least 3,871 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,151 died as a result of hostile action, according to the military's numbers.

The AP count is eight higher than the Defense Department's tally, last updated Friday at 10 a.m. EST.

Environment Watch: Japanese on Hunt for 1000 Whales

Defying furious international protest and a decades-old moratorium, a whaling fleet has left southern Japan's Shimonoseki port on a hunt that will include the humpback.

Japanese whalers were last night heading to waters off Antarctica despite a high-seas showdown with environmental groups last year, and a deadly fire that crippled the fleet's mother ship and triggered strong protests over a potential oil spill.

This year's hunt includes a target of 50 humpback whales, the first known large-scale hunt for the species since a 1963 moratorium put them under international protection.

The mission aims to take up to 935 Antarctic minke whales and 50 fin whales by April in what Japan's Fisheries Agency says will be its largest scientific whale hunt in the South Pacific.